Black Hat HACK.ME event round-up

On January 17th I had the privilege to present the HACK.ME project during a Black Hat Webcast with Travis Carelock as moderator and Karl Snider from IBM as sponsor of the event.

Hack.me, which we launched on October 9th during a live event with the Ethical Hacker Network community, is the platform where the community can build full-fledged vulnerable web applications and share them with others.

The goal is to provide students, web application security researchers and pentesters with a large collection of CMSs, COTS and custom code with known and unknown vulnerabilities. This is for both educational and research purposes.

The project now counts dozens of community-contributed Hackmes, and universities, conferences and companies use it regularly.

It’s now the best way to learn web application security for FREE. So if you haven’t already, check it out now.

During the webcast I had the chance to introduce the project and briefly talk about the Coliseum Framework, which is the core of the Hack.me project.

Coliseum creates a sandbox around the vulnerable web application you are running, so that you get an isolated environment that is safe and clean every time you create a new instance of the web app.

We call it a Hack store of runnable vulnerable web applications.

You can already find famous vulnerable web apps like Mutillidae or DVWA. You’re just a click away from running them in a sandbox (yes, no need to download entire virtual machines).